>Number: 382
>Category: mod_include
>Synopsis: exec cgi not fully implemented?
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Sun Apr 13 16:00:01 1997
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.2b8
>Environment:
DEC Alpha, v3.2G OSF/1
>Description:
The following construct is not properly handled by mod_include.c
<!--#exec cgi="/cgi-bin/random/random/debug.cnf"-->
Specifically, the program /cgi-bin/random is a perl script which
expects $ENV{PATH_TRANSLATED} to be set to "/some/directory/random/debug.cnf"
which is not occuring. This same behavior was observed in the NCSA
server(s), for which we posted the patch
ftp://www.destek.net/pub/ncsa-ssi.diff
several months ago. This seems to be a general problem in that the
Apache code doesn't appear to permit arguments in a SSI command in the
same fashion as they would be if the URL were requested directly.
>How-To-Repeat:
http://www.destek.net/Doc/CGI/random/ provides samples of the
problem, though the CGI application has never been made public,
though I bet you can guess what it looks like...
>Fix:
Analyze the referenced diff for the NCSA code and find a mechanism
to handle requests in a similar manner, if this is the same bug..
>Audit-Trail:
>Unformatted:
